Why are we advising PKI if we know that quantum computers will break them?

People working in quantum computation (aka my colleagues) estimate the arrival date of quantum computers between 20 and 200 years from now. In other words, they agree on one thing: it is beyond the predictable technological horizon! I really do not think anyone serious thinks we will have a quantum computer able to break classical cryptography in the next decade.

Sep 11

comment

Quantum key exchange skepticism/confusion

You can do this, but it amounts to assuming a technological limitation for Eve, which 1) is always difficult to define rigorously and 2) doesn’t really improve the protocol performance by a lot. So yes, it is possible, but it is usually not worth it.

Sep 11

comment

Quantum key exchange skepticism/confusion

@RickyDemer: I don’t really understand your question, but I’ll explain things in another way, hoping to answer the question by chance! There exists an (unknown) maximal value $e^*$ for the tolerable error rate. Alice and Bob can exchange a key if and only if their error rate $e$ obeys $e < e^*$. An upper bound $u \geq e^*$ is often given by an explicit attack (like $u = 25\%$ above), but we want a lower bound $l \leq e^*$ ($l = 11\%$ above), such that $e < l$ ensures $e < e^*$. Finding $l$ is not trivial, since one has to take into account an adversary smarter than us, to stay on the safe side!

Quantum key exchange skepticism/confusion

On Eve’s balance: exactly! This QKD transforms spying into a denial of service attack. In practice, the errors will come from technical imperfections, but Alice and Bob cannot be sure. This is what limits in practice the range of QKD.

Quantum key exchange skepticism/confusion

More information-theoretic details about modern security proofs for QKD are available on p. 95 of this ETHZ course, but you’ll need to familiarize yourself with smooth quantum Rényi entropies (introduced earlier in the same course) in order to extract something from this link...